Overview

overview

10

Static

static

3

be75358ef1...18.exe

windows7-x64

10

be75358ef1...18.exe

windows10-2004-x64

10

$TEMP/29.opends60.dll

windows7-x64

1

$TEMP/29.opends60.dll

windows10-2004-x64

1

$TEMP/Ster...ap.dll

windows7-x64

3

$TEMP/Ster...ap.dll

windows10-2004-x64

3

$TEMP/WebN...mes.js

windows7-x64

3

$TEMP/WebN...mes.js

windows10-2004-x64

3

$TEMP/aspnetisapi.dll

windows7-x64

3

$TEMP/aspnetisapi.dll

windows10-2004-x64

3

$TEMP/autolayt.dll

windows7-x64

3

$TEMP/autolayt.dll

windows10-2004-x64

3

$TEMP/coyote.exe

windows7-x64

4

$TEMP/coyote.exe

windows10-2004-x64

10

$TEMP/cvtres.exe

windows7-x64

3

$TEMP/cvtres.exe

windows10-2004-x64

3

$TEMP/disco.exe

windows7-x64

1

$TEMP/disco.exe

windows10-2004-x64

1

$TEMP/emcmp.ko

ubuntu-24.04-amd64

$TEMP/ltv350qv.ko

ubuntu-22.04-amd64

$TEMP/sl-modem.py

windows7-x64

3

$TEMP/sl-modem.py

windows10-2004-x64

3

$TEMP/syst...er.vbs

windows7-x64

1

$TEMP/syst...er.vbs

windows10-2004-x64

1

$TEMP/vsslnui.dll

windows7-x64

1

$TEMP/vsslnui.dll

windows10-2004-x64

1

$TEMP/webb...35.pyc

windows7-x64

3

$TEMP/webb...35.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be75358ef16a88307d3722de7f8d080b_JaffaCakes118

  • Size

    759KB

  • MD5

    be75358ef16a88307d3722de7f8d080b

  • SHA1

    0a812866da45cf66666af011efee7965290a537a

  • SHA256

    6401173b049bfd58a827e272138d0cf08185519dfa744e2b2e9990b4cade3a49

  • SHA512

    be050652c2c6ad722292c686898b48dd5c8dfe35d977cb74586dce59e89a24e3ab9b9aa5b9fc3cb9ed91f0ab8bc3b34d53e298c2d0e1a20db32f539e2d12297c

  • SSDEEP

    12288:1gh+13sf8irOhRxuXEMzhy8H2kT//B4vvNuBvw0C9/D42fWGS:TMN9Wk14aY0C97S

Score
3/10

Malware Config

Signatures

  • Unsigned PE 7 IoCs

    Checks for missing Authenticode signature.

Files

  • be75358ef16a88307d3722de7f8d080b_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    4ea4df5d94204fc550be1874e1b77ea7


    Headers

    Imports

    Sections

  • $TEMP/274.5
  • $TEMP/29.opends60.dll
  • $TEMP/AsyncPictureBoxForm.jsl
  • $TEMP/Grammars.HxT
    .xml
  • $TEMP/Harmony
  • $TEMP/Local107627953addgroup2.gif
    .gif
  • $TEMP/SterletFiretrap.dll
    .dll windows:5 windows x86 arch:x86

    31f8d7608ac28f8e2c4da2401fcb9a56


    Headers

    Imports

    Exports

    Sections

  • $TEMP/WebDevWebServer.exe
    .xml
  • $TEMP/WebNavigationFrames.jsm
    .js
  • $TEMP/aspnetisapi.dll
    .dll windows:5 windows x86 arch:x86

    920e7b5dde568d9493b3eee85fcde552


    Headers

    Imports

    Exports

    Sections

  • $TEMP/autolayt.dll
    .dll windows:5 windows x86 arch:x86

    e0c75e651f6c97a0938a6233a5931725


    Headers

    Imports

    Exports

    Sections

  • $TEMP/coyote.exe
    .exe windows:5 windows x86 arch:x86

    b8848a4f4ce4477c977469ab423650aa


    Headers

    Imports

    Sections

  • $TEMP/cvtres.exe
    .exe windows:5 windows x86 arch:x86

    acab46bf2f1f805110b896684dbe541f


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/dhcpwins15.gif
  • $TEMP/disco.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • $TEMP/dvvscmdsK.HxK
    .xml
  • $TEMP/elfi386.xdc
  • $TEMP/emcmp.ko
    .elf linux x64
  • $TEMP/ieexec.exe
    .xml
  • $TEMP/ltv350qv.ko
    .elf linux x64
  • $TEMP/nqroasn.gif
    .gif
  • $TEMP/oledw9FileList.HxF
    .xml
  • $TEMP/picturemate4.xml
    .xml
  • $TEMP/sl-modem.py
  • $TEMP/soft-structuregrey.jpg
    .jpg
  • $TEMP/system-config-printer.rtupdate
    .vbs
  • $TEMP/templatestar.png
    .png
  • $TEMP/url.amf
  • $TEMP/vsslnui.dll
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections

  • $TEMP/webbrowser.cpython-35.pyc
  • $TEMP/x-sony-sr2.xml
    .xml
  • $TEMP/x-tex.xml
    .xml